]> granicus.if.org Git - curl/commit
projects / curl / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cea1fd7) | patch
curl: avoid local drive traversal when saving file (Windows)
authorRay Satiro <raysatiro@yahoo.com>
Tue, 26 Jan 2016 22:23:15 +0000 (23:23 +0100)
committerDaniel Stenberg <daniel@haxx.se>
Tue, 26 Jan 2016 22:42:55 +0000 (23:42 +0100)
commit3017d8a8d8849ebd4feae4f5eae037cd55736a61
tree976231c185eafd16960d905dc73a7ca0c04ff59ftree | snapshot
parentcea1fd7a9414b628e3b462b08ee3b64f24a689d1commit | diff
curl: avoid local drive traversal when saving file (Windows)

curl does not sanitize colons in a remote file name that is used as the
local file name. This may lead to a vulnerability on systems where the
colon is a special path character. Currently Windows/DOS is the only OS
where this vulnerability applies.

CVE-2016-0754

Bug: http://curl.haxx.se/docs/adv_20160127B.html
src/tool_cb_hdr.c diff | blob | history
src/tool_doswin.c diff | blob | history
src/tool_doswin.h diff | blob | history
src/tool_operate.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.